The chip vulnerabilities announced two weeks ago affect almost every single PC, Mac, laptop, tablet, and smartphone created in the last 20 years. Passwords, personal information and any secure information on a device are at risk.

How It Works
This malware affects the “kernel” or core of the operating system, which acts as a bridge between the hardware and software of a machine. The core handles everything from typing and clicking to opening and running applications like web browsers and Microsoft Outlook. The core provides each process with the resources it needs to function and keeps the processes isolated.

When exploited, this security flaw allows an attacker to subvert this isolation and read all of the protected data on a computer. These data could include anything from passwords to personally identifiable information from your tax program. These attacks can be especially damaging for cloud services because they run shared setups where users share hardware but are isolated by software. By hacking one user’s cloud instance, hackers can use these security flaws to see all the data on the shared hardware. Fortunately, the security flaw is difficult to exploit, and attackers must compromise a machine before they can exploit these chip vulnerabilities.

What’s Being Done?
Companies like Intel, Apple, Google, and Microsoft have released patches to defend against these security flaws. The patches further isolate the core’s memory but may degrade performance by as much as 30 percent. Most vendors report that general computer users will not see such a large decrease in performance.

LMI is implementing a remediation plan to patch all vulnerable systems. We will test the patches against a pilot group of machines before releasing them to the rest of the organizational ecosystem. This will allow our team to identify and address potential issues with the patches to maintain LMI operations as the patches are implemented.

To protect your personal systems, install patches and operating system updates as soon as they are released, and make sure your web browsers are up to date. Most browsers automatically update, but it is beneficial to verify that they have been patched.

Looking Ahead
As an organization directly involved in the cyber space, LMI is aware that security flaws and exploits will continue to be a concern. This specific cyber scare is far less concerning than the number of security vulnerabilities we saw in 2017. We expect to see even more vulnerabilities in 2018 because of the evolving nature of hackers and the spread of far-reaching security flaws. Our team will continue to adapt to the ever-changing cyber threat landscape as threat actors change their tools and techniques.

Jonathan Stammler is the Information Security Manager for the Enterprise Technology Services group at LMI. He received an MS in information security from Georgia Institute of Technology and a BS in information technology from George Mason University. If you’d like more information on how LMI can assist your organization with its cybersecurity needs, please email Jonathan.